uiAgent, Inc. PRIVACY POLICY Last Updated: March 20, 2025

INTRODUCTION uiAgent, Inc. ("we," "our," or "us") is committed to protecting the privacy and security of personal data we process. This Privacy Policy describes how we collect, use, disclose, and safeguard personal data received from the European Union (EU), the United Kingdom (UK), and Switzerland.

uiAgent, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. uiAgent, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

SCOPE

This Privacy Policy applies to all personal data received by uiAgent, Inc. in the United States from the European Union, the United Kingdom, and Switzerland, in any format, including electronic, paper, or verbal communications. This includes personal data processed through our AI accounting agent services for bookkeeping, monthly end close, account reconciliation, and audit functions, as well as related business operations.

DEFINITIONS

For purposes of this Privacy Policy, the following definitions apply: • Personal Data: Any information relating to an identified or identifiable natural person. • Sensitive Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or sex life and sexual orientation, or data relating to criminal convictions or offenses. • Controller: An organization that determines the purposes and means of processing personal data. • Processor: An organization that processes personal data on behalf of a controller. • Processing: Any operation performed on personal data, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

DATA PRIVACY FRAMEWORK PRINCIPLES

uiAgent, Inc. commits to the following principles regarding personal data transferred from the EU, UK, and Switzerland:

1. Notice When we collect personal data directly from individuals in the EU, UK, or Switzerland, we inform them about: • The purposes for which we collect and use their personal data • The types of third parties to which we disclose that information • The choices and means we offer for limiting the use and disclosure of their personal data • How to contact us with any inquiries or complaints • The independent dispute resolution body designated to address complaints

When we receive personal data from our customers, suppliers, or other commercial partners in the EU, UK, or Switzerland rather than directly from individuals, we will process such personal data in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal data relates.

2. Choice We offer individuals the opportunity to choose (opt out) whether their personal data is: • To be disclosed to a third party • To be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the individual

For sensitive personal data, we obtain affirmative express consent (opt in) if such information is to be: • Disclosed to a third party • Used for a purpose other than those for which it was originally collected or subsequently authorized by the individual

3. Accountability for Onward Transfer We will only transfer personal data to a third-party acting as a controller when: • The third party has subscribed to the relevant DPF Principles or offers an adequate level of protection • We have entered into a written contract ensuring that the third party provides at least the same level of privacy protection as is required by the DPF Principles

uiAgent, Inc. remains liable under the EU-U.S. DPF Principles if a third-party agent processes personal data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

If we learn that a third party to which we have transferred personal data is using or disclosing personal data in a manner inconsistent with this Policy, we will take reasonable steps to prevent or stop such processing.

4. Security We take reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data.

5. Data Integrity and Purpose Limitation We limit the collection of personal data to information that is relevant for the purposes of processing. We do not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.

We take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We retain personal data only for as long as it serves a purpose of processing for which it was collected or subsequently authorized.

6. Access Upon request, we grant individuals reasonable access to the personal data that we hold about them. We also take reasonable steps to allow individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, or where the rights of persons other than the individual would be violated.

7. Recourse, Enforcement, and Liability We have mechanisms in place to ensure compliance with the DPF Principles and provide recourse for individuals whose personal data is processed in non-compliance with the DPF Principles. These mechanisms include: • Annual self-assessment of our compliance with the DPF Principles • Internal procedures for addressing complaints • Verification that our privacy policy is accurate, comprehensive, prominently displayed, and fully implemented • Employee training on compliance with the DPF Principles • Independent dispute resolution for addressing complaints about our compliance

DETAILED DATA PROCESSING ACTIVITIES

A. What Personal Data We Collect and Process As a SaaS platform providing AI accounting agents for bookkeeping, monthly end close, account reconciliations, and audits to large companies and CPA firms, we collect and process the following categories of personal data:

1. Customer/Client Data: o Contact information of company representatives (name, email address, phone number, business address, job title, department) o Business credentials and authentication information (usernames, encrypted passwords, access logs, system permissions) o Professional qualifications and certifications of accounting staff who interact with our platform o Communication records (emails, chat logs, support tickets, training session records) o Financial and accounting data necessary for our AI agents to perform their functions, including: § Journal entries and financial transactions § Account statements and reconciliation data § Vendor and customer information within financial records § Tax identification numbers and financial identifiers § Audit trails and system logs of accounting activities § Signatures and approvals on financial documents o User behavior patterns and interaction with our AI accounting agents o Service configuration preferences and customized accounting workflows o Feedback data on AI agent performance and accuracy

2. Visitor and Prospect Data: o Contact information provided through website forms and demo requests o IP addresses, device information, and geolocation data o Website navigation patterns and service interest indicators o Recorded webinar attendance and engagement metrics o Marketing preferences and communication opt-ins o Information provided during sales consultations and needs assessments o Technical compatibility information for service implementation

3. Employee and Contractor Data: o Employee contact and identification information o Professional qualifications, expertise in accounting/finance o Employment history and performance evaluations o Training records on accounting standards and software proficiency o Compensation and benefits information o Time tracking and project allocation data o Background verification information where legally permitted o Emergency contact information

B. Why We Process Personal Data (Purposes of Processing) We process the above personal data for the following specific purposes related to our AI accounting agent services:

1. Core AI Accounting Service Delivery: o Providing automated bookkeeping services through our AI agents o Executing monthly end close procedures via our platform o Conducting automated account reconciliations between different financial systems o Supporting audit preparation and execution with AI-driven analytics o Detecting anomalies in financial data that require human review o Generating financial reports and statements based on processed data o Validating compliance with accounting standards and regulations o Creating audit trails of all accounting activities for accountability

2. Account and User Management: o Creating and maintaining corporate client accounts with appropriate hierarchies o Managing user identity verification and role-based access control o Authenticating authorized users and tracking system access o Setting up client-specific accounting rules and preferences o Configuring approval workflows based on client organizational structure o Establishing data segregation between different client entities o Maintaining accounting team collaboration spaces within the platform o Recording user activity for security and compliance purposes

3. AI System Training and Improvement: o Training our AI accounting models on anonymized financial datasets o Refining algorithm accuracy for specific accounting tasks and use cases o Developing new accounting automation capabilities based on identified needs o Analyzing performance patterns to enhance accounting process efficiency o Testing system responses to complex accounting scenarios o Benchmarking against accounting industry standards and practices o Adapting to changes in accounting regulations and standards o Creating specialized functions for industry-specific accounting needs

4. Technical Support and Client Success: o Diagnosing and resolving technical issues within the platform o Providing training and onboarding for new accounting team members o Answering client questions about accounting automation features o Assisting with complex accounting scenarios requiring customization o Tracking issue resolution and system performance metrics o Conducting proactive system health checks and maintenance o Communicating platform updates and new accounting features o Facilitating knowledge transfer on accounting automation best practices

5. Business Development and Client Relationship Management: o Communicating with existing clients about service renewals and upgrades o Sending educational content about accounting technology advancements o Conducting targeted marketing to accounting professionals (with consent) o Organizing webinars and training events on accounting automation o Gathering feedback for product roadmap development o Measuring client satisfaction and service utilization metrics o Identifying expansion opportunities within client organizations o Creating case studies on accounting efficiency improvements (with permission)

6. Legal Compliance and Protection: o Maintaining records required by financial regulators o Complying with data retention requirements for accounting records o Responding to legal requests and audits by authorized bodies o Enforcing our terms of service and data usage policies o Preventing fraud and unauthorized access to financial systems o Securing sensitive financial data against cyber threats o Managing contractual obligations with clients and partners o Documenting consent and processing activities for compliance

C. How We Process Personal Data Our processing activities include the following specific methods and technologies:

1. AI-Powered Accounting Automation: o Automated data extraction from financial documents and systems o Pattern recognition in transaction data for classification and coding o Machine learning algorithms for anomaly detection in financial records o Natural language processing to interpret accounting queries and documentation o Predictive analytics for cash flow forecasting and financial planning o Rule-based validation of accounting entries against established standards o Automated reconciliation processes between multiple financial systems o AI-driven audit sampling and testing methodologies

2. Secure Data Management Systems: o Encrypted storage of all financial and personal data o Role-based access controls with multi-factor authentication o Segregation of client data in separate secure database instances o Regular security scanning and vulnerability assessment o Automated backup procedures with disaster recovery capabilities o Secure API connections to client financial systems with token authentication o Data loss prevention controls for sensitive financial information o Secure file transfer protocols for document exchange

3. Integration with Financial Ecosystems: o API connections to major ERP and accounting software systems o Secure data synchronization with banking and payment platforms o Integration with tax preparation and filing systems o Connected workflows with document management systems o Collaboration interfaces with external auditors and regulators o Data exchange with financial reporting and visualization tools o Integration with electronic signature and approval systems o Secure connections to regulatory compliance checking services

4. Analytics and Performance Measurement: o Processing of usage patterns to improve system performance o Analysis of accounting process efficiency metrics o Measurement of error rates and correction patterns o Tracking of time savings compared to manual accounting processes o Monitoring of system response times and availability o Analysis of feature utilization across different client segments o Measurement of accuracy improvements over time o Benchmarking against industry standard accounting metrics

D. Third-Party Transfers and Data Sharing We may share personal data with the following specific categories of third parties:

1. Technology Infrastructure Providers: o Cloud hosting providers (e.g., Amazon Web Services, Microsoft Azure) o Database management services for financial data storage o Authentication and identity management services o Backup and disaster recovery service providers o Network security monitoring services o Content delivery networks for global service availability

2. Specialized Service Partners: o AI technology partners that enhance our accounting automation capabilities o Financial data integration specialists for connecting to client systems o Document processing services for financial statement digitization o Customer relationship management platforms (e.g., Salesforce) o Support ticketing and knowledge base systems o Training and certification platforms for user education

3. Financial and Professional Services: o Payment processors for subscription billing (e.g., Stripe, PayPal) o Accounting standards advisory partners for compliance updates o External auditors for security and compliance verification o Legal advisors for regulatory compliance and contract matters o Insurance providers for professional liability coverage o Business consultants for service optimization

4. Business Partners: o Accounting software companies for integration partnerships o CPA firms that co-deliver services with our technology o Financial institution partners for transaction verification o Industry associations for standard development and adoption o Academic research partners for accounting technology advancement o Technology marketplaces where our services are listed

5. Regulatory and Legal Entities: o Financial regulatory authorities when legally required o Tax authorities for compliance verification o Law enforcement agencies in response to valid legal requests o Courts and litigation counterparties in legal proceedings o Data protection authorities for compliance supervision o Professional accounting oversight bodies

We ensure appropriate contractual safeguards are in place with all third parties, including data processing agreements that restrict their use of personal data to our instructions and require appropriate security measures. These agreements include specific provisions for data minimization, purpose limitation, and security requirements aligned with the DPF Principles.

DATA RETENTION

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For accounting-related data, we adhere to retention periods required by applicable accounting, tax, and financial regulations, including: • Client financial transaction data: 7 years after transaction date (or longer if required by applicable accounting regulations) • User account information: Duration of the business relationship plus 2 years • AI training datasets (anonymized): Up to 5 years for system improvement purposes • System logs and access records: 2 years for security and audit purposes • Marketing data: Until consent withdrawal or 2 years after last interaction • Employee data: Duration of employment plus applicable statutory periods

INDIVIDUAL RIGHTS

Individuals in the EU, UK, and Switzerland have the right to: • Access their personal data • Correct inaccurate personal data • Request erasure of their personal data • Restrict or object to the processing of their personal data • Data portability • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, individuals may contact us using the information provided in the "Contact Information" section below.

COMPLAINT RESOLUTION

If you have a complaint about our privacy practices, please contact us using the information provided in the "Contact Information" section below. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal data within 45 days of receiving your complaint.

If your complaint cannot be resolved through our internal processes, in compliance with the EU-U.S. DPF, uiAgent, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.

uiAgent, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Under certain conditions, individuals may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify individuals of any material changes to this Policy by posting the updated policy on our website and, where appropriate, sending email notifications to registered users.

CONTACT INFORMATION

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

uiAgent, Inc. 447 Broadway New York, NY 10013 United States

privacy@uiagent.com

+1 (917) 721-6250

Privacy Officer: Enes Witwit

EFFECTIVE DATE

This Privacy Policy is effective as of March 20, 2025.